Layout crash loading https://wallhaven.cc/w/7pzj1y

[webbeef]

To Reproduce: Load https://wallhaven.cc/w/7pzj1y

Expected: page loads properly

Observed: crash with the following info:

attempt to multiply with overflow (thread Script(1,1), at components/layout_2020/replaced.rs:621)

The values are:

max_inline_size=42408 block_size=172800 max_block_size=36389 inline_size=307200

This is indeed overflowing the range of a Au which is an i32. Casting the values on line 621 to i64 prevents the crash, but is that appropriate?

Platform: Tested on Linux Ubuntu 24.10

[Loirooriol]

• Testcase 1 https://github.com/servo/servo/blob/1624530ffe38753e0166cdc6c420c784c3f654d8/components/layout_2020/replaced.rs#L617

  <!DOCTYPE html>
  <canvas height="10000" width="10000" style="max-width: 500px; max-height: 500px;"></canvas>

• Testcase 2 https://github.com/servo/servo/blob/1624530ffe38753e0166cdc6c420c784c3f654d8/components/layout_2020/replaced.rs#L637

  <!DOCTYPE html>
  <canvas height="500" width="500" style="min-width: 10000px; min-height: 10000px;"></canvas>

The logic is wrong anyways, because it assumes that the aspect ratio applies to the content box, e.g.

<style>canvas { max-width: 50px; max-height: 50px; aspect-ratio: 1 / 1; box-sizing: border-box; border: solid; }</style>
<canvas style="border-width: 0 50px"></canvas>
<canvas style="border-width: 50px 0"></canvas>

Servo	Blink